Details of VAR-201209-0167

ID

VAR-201209-0167

CVE

CVE-2012-3688

TITLE

plural Apple Used in products WebKit Vulnerable to arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2012-004363

DESCRIPTION

WebKit, as used in Apple iTunes before 10.7, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in APPLE-SA-2012-09-12-1. WebKit is prone to multiple unspecified memory-corruption vulnerabilities. An attacker can exploit these issues by enticing an unsuspecting user into visiting a malicious webpage with a vulnerable application. Few technical details are currently available. We will update this BID when more information emerges. Successful exploits will allow attackers to execute arbitrary code in the context of the affected browser or cause denial-of-service conditions; other attacks may also be possible. WebKit is a set of open source web browser engines jointly developed by companies such as KDE, Apple (Apple), and Google (Google), and is currently used by browsers such as Apple Safari and Google Chrome. Vulnerabilities exist in using WebKit in versions prior to Apple iTunes 10.7

Trust: 1.98

sources: NVD: CVE-2012-3688 // JVNDB: JVNDB-2012-004363 // BID: 55534 // VULHUB: VHN-56969

AFFECTED PRODUCTS

vendor:	apple	model:	itunes	scope:	eq	version:	4.6.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	4.0.1	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	4.6	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	4.0.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	4.5.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	4.5	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	4.2.0	Trust: 1.6
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.6	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.5	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.2	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	10.1	Trust: 1.3
vendor:	apple	model:	itunes	scope:	eq	version:	7.6	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.5.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.8.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.1.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.2.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.2.2.12	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	5.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.3.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1.10	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.1.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.5	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.2.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.1.42	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.1.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.5.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.7	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.7	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.4.0.80	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.4.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	4.9.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	9.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.6.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lte	version:	10.6.3	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.3.1	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	7.6.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	8.0.0	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	10.1.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	eq	version:	6.0.2	Trust: 1.0
vendor:	apple	model:	itunes	scope:	lt	version:	10.7	Trust: 0.8
vendor:	apple	model:	safari	scope:	lt	version:	6.0.1	Trust: 0.8
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.5	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.3	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	1.2.2	Trust: 0.3
vendor:	webkit	model:	open source project webkit r82222	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r77705	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52833	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r52401	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r51295	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r38566	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit r105591	scope:	-	version:	-	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	2	Trust: 0.3
vendor:	webkit	model:	open source project webkit	scope:	eq	version:	0	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.7	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.4	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	safari	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	itunes	scope:	eq	version:	10	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5.0.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3.5	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.3	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	4	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.2	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	3.0	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.1	Trust: 0.3
vendor:	apple	model:	ios	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 55534 // JVNDB: JVNDB-2012-004363 // CNNVD: CNNVD-201209-262 // NVD: CVE-2012-3688

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2012-3688
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2012-3688
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201209-262
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-56969
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2012-3688
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-56969
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-56969 // JVNDB: JVNDB-2012-004363 // CNNVD: CNNVD-201209-262 // NVD: CVE-2012-3688

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2012-3688

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201209-262

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201209-262

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-004363

PATCH

title:	APPLE-SA-2012-09-12-1	url:	http://lists.apple.com/archives/security-announce/2012/Sep/msg00001.html	Trust: 0.8
title:	HT5502	url:	http://support.apple.com/kb/HT5502	Trust: 0.8
title:	HT5485	url:	http://support.apple.com/kb/HT5485	Trust: 0.8
title:	HT5502	url:	http://support.apple.com/kb/HT5502?viewlocale=ja_JP	Trust: 0.8
title:	HT5485	url:	http://support.apple.com/kb/HT5485?viewlocale=ja_JP	Trust: 0.8

sources: JVNDB: JVNDB-2012-004363

EXTERNAL IDS

db:	NVD	id:	CVE-2012-3688	Trust: 2.8
db:	BID	id:	55534	Trust: 1.4
db:	OSVDB	id:	85379	Trust: 1.1
db:	JVNDB	id:	JVNDB-2012-004363	Trust: 0.8
db:	CNNVD	id:	CNNVD-201209-262	Trust: 0.7
db:	APPLE	id:	APPLE-SA-2012-09-12-1	Trust: 0.6
db:	VULHUB	id:	VHN-56969	Trust: 0.1

sources: VULHUB: VHN-56969 // BID: 55534 // JVNDB: JVNDB-2012-004363 // CNNVD: CNNVD-201209-262 // NVD: CVE-2012-3688

REFERENCES

url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00001.html	Trust: 1.7
url:	http://support.apple.com/kb/ht5485	Trust: 1.7
url:	http://support.apple.com/kb/ht5502	Trust: 1.4
url:	http://lists.apple.com/archives/security-announce/2012/sep/msg00005.html	Trust: 1.1
url:	http://www.securityfocus.com/bid/55534	Trust: 1.1
url:	http://osvdb.org/85379	Trust: 1.1
url:	https://oval.cisecurity.org/repository/search/definition/oval%3aorg.mitre.oval%3adef%3a17384	Trust: 1.1
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/78538	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-3688	Trust: 0.8
url:	http://jvn.jp/cert/jvnvu503755/index.html	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-3688	Trust: 0.8
url:	http://www.apple.com/itunes/	Trust: 0.3
url:	http://www.webkit.org/	Trust: 0.3
url:	http://prod.lists.apple.com/archives/security-announce/2012/sep/msg00001.html	Trust: 0.3

sources: VULHUB: VHN-56969 // BID: 55534 // JVNDB: JVNDB-2012-004363 // CNNVD: CNNVD-201209-262 // NVD: CVE-2012-3688

CREDITS

Martin Barbella of the Google Chrome Security Team, miaubiz, Abhishek Arya of the Google Chrome Security Team, Skylined of the Google Chrome Security Team, Yong Li of Research In Motion, Apple Product Security, Dominic Cooney of Google, Apple, Mario Gomes

Trust: 0.3

sources: BID: 55534

SOURCES

db:	VULHUB	id:	VHN-56969
db:	BID	id:	55534
db:	JVNDB	id:	JVNDB-2012-004363
db:	CNNVD	id:	CNNVD-201209-262
db:	NVD	id:	CVE-2012-3688

LAST UPDATE DATE

2025-04-11T20:59:03.650000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-56969	date:	2017-09-19T00:00:00
db:	BID	id:	55534	date:	2013-01-28T21:00:00
db:	JVNDB	id:	JVNDB-2012-004363	date:	2012-10-16T00:00:00
db:	CNNVD	id:	CNNVD-201209-262	date:	2012-09-18T00:00:00
db:	NVD	id:	CVE-2012-3688	date:	2025-04-11T00:51:21.963

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-56969	date:	2012-09-13T00:00:00
db:	BID	id:	55534	date:	2012-09-12T00:00:00
db:	JVNDB	id:	JVNDB-2012-004363	date:	2012-09-18T00:00:00
db:	CNNVD	id:	CNNVD-201209-262	date:	2012-09-18T00:00:00
db:	NVD	id:	CVE-2012-3688	date:	2012-09-13T10:30:20.807